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CLAIM AMENDMENTS 

1 . (Previously Presented) A method of enforcing a policy on a computer network including 
a resource, wherein a user is coupled to the computer network through a network access server, 
the network access server being interposed between the user and the resource, wherein the user is 
attempting to access the resource over a network link, comprising the steps of: 

in response to an attempt by the user to access the resource on the network, determining a 
group to which the user belongs and evaluating the link to determine a characteristic of the link; 
and 

based on the determined group and the determined characteristic, selecting an 
authorization parameter, wherein the authorization parameter is used by the network access 
server to grant or deny access to the resource in accordance with the policy. 

2. (Canceled). 

3 . (Original) The method of claim 1 , wherein the selecting step further comprises the step 
of selecting a profile based on the determined group, wherein the authorization parameter is 
contained in the profile. 

4. (Original) The method of claim 1 , wherein the determining step further comprises the 
step of referencing a user object corresponding to the user, wherein the user object has a group 
attribute representative of the group. 

5. (Original) The method of claim 3, further comprising the steps of: adding an override 
attribute associated with the user to the profile; and determining whether to admit or deny access 
to the resource based on the override attribute. 

6. (Original) The method of claim 1 , wherein the authorization parameter is associated with 
a policy statement, wherein the selecting step further comprises the steps of: evaluating the 
policy statement based on the determined group; and if the policy statement is evaluated to be 
true, selecting the authorization parameter. 
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7. (Original) The method of claim 1, wherein the authorization parameter represents a time 
of day at which the user is permitted access to the network. 

8. (Original) The method of claim 1 , wherein the authorization parameter represents a day 
of the week during which the user is permitted access to the network. 

9. (Original) The method of claim 1 , wherein the authorization parameter represents a 
phone number that may be called by the user. 

1 0. (Original) The method of claim 1 , wherein the authorization parameter represents a 
phone number from which the user is permitted to access to the network. 

11-28. (Canceled). 

29. (Previously Presented) A method of enforcing a policy on a computer network 
comprising the steps of: in response to an attempt by a user to access the network through a 
communication medium, determining a group to which the user belongs; determining the 
medium type and, based on the determined group and the medium type, selecting an action, 
wherein the action is used by a network access server to grant or deny access to the network in 
accordance with the policy wherein the user is coupled to the computer through the network 
access server, the network access server being interposed between the user and the resource. 

30. (Original) A method of enforcing a policy on a computer network comprising the steps 
of; in response to an attempt by a user to access a network over a dial up link using a called 
number, determining a group to which the user belongs; determining the called number of the 
dial up link and, based on the determined group and the number, selecting an action, wherein the 
action is usable to grant or deny access to the network in accordance with the policy. 

3 1 . (Original) A computer-readable medium having computer-executable instructions for 
performing the steps of: in response to an attempt by a user to access a computer network 
through a communicarion medium, determining a group to which the user belongs; determining 
the medium type and, based on the determined group and the medium type, selecting an action, 
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wherein the action is usable to grant or deny access to the network in accordance with a policy of 
the network. 

32. (Original) A computer-readable medium having computer-executable instructions for 
performing the steps of: in response to an attempt by a user to access a computer network over a 
dial up link using a called number, determining a group to which the user belongs; determining 
the called number of the dial up link and, based on the determined group and the number, 
selecting an action, wherein the action is usable to grant or deny access to the network in 
accordance with a policy of the network. 
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